Microsoft 365 / Entra ID / SSO / MFA
Role: IAM Engineer
Contract: 7+ months initially
IR35: Inside IR35
Day Rate: Up to £765 per day (via umbrella), potential for flex DOE
Location: Hybrid - 2 days/week on-site in Sheffield, remainder remote
Start: ASAP
Summary
An established, well-known national organisation is seeking a hands-on IAM Engineer to implement and operate identity, authentication, and access controls across Microsoft 365 and Microsoft Entra ID (Azure AD).
Focus is on SSO, MFA, Conditional Access, identity lifecycle, and privileged access (with CyberArk as a desirable skill). This is a delivery and operations role (not an architect), partnering with Security, Infrastructure, and Service Management to harden controls, reduce risk, and improve user experience.
Responsibilities
* Entra ID operations & hardening: tenant hygiene, identity security baseline, Conditional Access (CA) design/maintenance, break-glass access.
* SSO engineering: onboard and support SAML/OIDC apps; configure enterprise app registrations, claims, tokens, and session settings.
* MFA at scale: method policies (Authenticator, FIDO2, SMS), registration campaigns, CA-based MFA enforcement, resilient admin access patterns.
* Lifecycle & access controls: group-based access, dynamic groups, PIM (just-in-time admin), RBAC reviews, access reviews, least-privilege enforcement.
* Microsoft 365 alignment: integrate with Defender for Cloud Apps, govern Exchange/SharePoint/Teams access, improve Secure Score.
Required Skills & Experience
* Proven, hands-on Microsoft Entra ID administration: app registrations, Conditional Access, Identity Protection, authentication strengths, and policy operations.
* SSO delivery using SAML 2.0 / OIDC / OAuth 2.0: enterprise app onboarding, claims mapping, token troubleshooting (SAML traces, Fiddler, browser dev tools).
* MFA engineering and rollout: CA-based MFA, method policies, break-glass procedures, staged/targeted deployments.
* Microsoft 365 security controls: Exchange, SharePoint/OneDrive, Teams governance and access configuration.
Desirable
* CyberArk PAM (Core PAS): Safes, platform onboarding, credential rotation, PSM/PSMP, API integration.
If you have the relevant skills and are interested in hearing more, please apply with your latest CV.